Chinese Hackers Use LONGLEASH Malware to Expand ORB Network
Chinese state-sponsored hacking group UAT-7810 is actively developing and deploying the LONGLEASH malware to expand its Operational Relay Box (ORB) network. This operation primarily targets internet-facing networking devices, with a specific focus on unpatched Ruckus routers. The LONGLEASH malware, first observed in late 2023, allows the attackers to gain persistent access to compromised devices, enabling them to use these devices as proxies for malicious activities. The ORB network is a sophisticated infrastructure that the group uses to mask the origin of their attacks and maintain anonymity while conducting espionage operations.
The group's strategy involves exploiting known vulnerabilities in network hardware, particularly older or unmaintained devices that are more susceptible to compromise. By compromising these devices, UAT-7810 can integrate them into their ORB network, effectively turning them into nodes that relay traffic for their operations. This expansion of the ORB network enhances the group's ability to conduct long-term espionage campaigns and evade detection by cybersecurity defenses. The use of LONGLEASH signifies a continuous effort by the group to refine their tools and techniques for network infiltration and control.
Analysis of the LONGLEASH malware reveals its capabilities in establishing command-and-control (C2) channels and maintaining a persistent presence on compromised systems. The malware is designed to be stealthy, making it difficult for security software to detect its presence. The group's focus on networking devices like Ruckus routers highlights a trend in cyber espionage where attackers target the foundational infrastructure of networks to achieve broader access and control. The ongoing evolution of LONGLEASH and the expansion of the ORB network indicate a persistent threat from UAT-7810, likely targeting government and private sector entities for intelligence gathering.
Original source — read the full reporting at the publisher:
Read on BleepingComputer